The Weakness of Integrity Protection for LTE

In this paper, the authors concentrate on the security issues of the integrity protection of LTE and present two different forgery attacks. In the linear forgery attack, EIA1 and EIA3, integrity protection algorithms of LTE, are insecure if the Initial Value (IV) can be repeated twice during the life cycle of an Integrity Key (IK). Because of the linearity of EIA1 and EIA3, given two valid Message Authentication Codes (MACs), their algorithm can forge up to 2^32 valid MACs. Thus, the probability of finding a valid MAC is dramatically increased. Although the combination of IV and IK never repeats in the ordinary case, in their well-designed scenario, the attacker can make the same combination occur twice.